From 682247e91a5aa725c923aacebfa8817fba514294 Mon Sep 17 00:00:00 2001
From: soonnae
Date: Thu, 31 Jul 2025 18:51:31 +0900
Subject: [PATCH 1/3] [ AutoFiC ] Create package.json and CI workflow
---
 .github/workflows/pr_notify.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
new file mode 100644
index 000000000..2b34036d0
--- /dev/null
+++ b/.github/workflows/pr_notify.yml
@@ -0,0 +1,20 @@
+name: PR Notifier
+
+on:
+ pull_request:
+ types: [opened, reopened, closed]
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Discord
+ env:
+ DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"content": "๐Ÿ”” Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
+ - name: Notify Slack
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL
From 9026d904496af1984d79cec7befef76a3873426c Mon Sep 17 00:00:00 2001
From: soonnae
Date: Thu, 31 Jul 2025 18:51:34 +0900
Subject: [PATCH 2/3] [ AutoFiC ] 3 malicious code detected!!
---
 src/theme/Footer/Links/Simple/index.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/theme/Footer/Links/Simple/index.js b/src/theme/Footer/Links/Simple/index.js
index 8b34d9b7b..b9c9ed77f 100644
--- a/src/theme/Footer/Links/Simple/index.js
+++ b/src/theme/Footer/Links/Simple/index.js
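Review bot: Both `run:` steps in `.github/workflows/pr_notify.yml` (patch 1/3) expand `${{ github.event.pull_request.title }}` and the other event fields straight into the shell script, so text chosen by whoever opens the pull request becomes part of the command line and of the hand-built JSON. Pass those values through `env:` and let `jq` build the payload so they are only ever treated as data. Quoting `"$DISCORD_WEBHOOK_URL"` and `"$SLACK_WEBHOOK_URL"` and adding a top-level `permissions: {}` would tighten the job further. Patch 3/3 deletes the file again, so this matters only if the workflow is kept on the fork.

```yaml
      - name: Notify Discord
        env:
          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_URL: ${{ github.event.pull_request.html_url }}
          PR_USER: ${{ github.event.pull_request.user.login }}
          PR_ACTION: ${{ github.event.action }}
        run: |
          # jq does the JSON escaping; the shell never parses the PR fields as code.
          payload=$(jq -n --arg t "$PR_TITLE" --arg u "$PR_URL" --arg a "$PR_USER" --arg s "$PR_ACTION" \
            '{content: "Pull Request [\($t)](\($u)) by \($a) - \($s)"}')
          curl -H "Content-Type: application/json" -d "$payload" "$DISCORD_WEBHOOK_URL"
      # … Notify Slack: same env/jq pattern with a {text: …} payload …
```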
@@ -1,5 +1,7 @@
 import React from 'react';
 import LinkItem from '@theme/Footer/LinkItem';
+import DOMPurify from 'dompurify'; // Import DOMPurify
+
 function Separator() {
 return ยท;
 }
@@ -9,7 +11,7 @@ function SimpleLinkItem({item}) {
 className="footer__link-item"
 // Developer provided the HTML, so assume it's safe.
 // eslint-disable-next-line react/no-danger
- dangerouslySetInnerHTML={{__html: item.html}}
+ dangerouslySetInnerHTML={{__html: DOMPurify.sanitize(item.html)}} // Sanitize HTML
 />
 ) : (
From eeaba450401ea0b4fc3868d08fb3d91ddf415419 Mon Sep 17 00:00:00 2001
From: soonnae
Date: Thu, 31 Jul 2025 18:51:50 +0900
Subject: [PATCH 3/3] chore: remove CI workflow before upstream PR
---
 .github/workflows/pr_notify.yml | 20 --------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
deleted file mode 100644
index 2b34036d0..000000000
--- a/.github/workflows/pr_notify.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: PR Notifier
-
-on:
- pull_request:
- types: [opened, reopened, closed]
-
-jobs:
- notify:
- runs-on: ubuntu-latest
- steps:
- - name: Notify Discord
- env:
- DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"content": "๐Ÿ”” Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
- - name: Notify Slack
- env:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL
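Review bot: The comment two lines above the changed prop in the second hunk still reads `// Developer provided the HTML, so assume it's safe.`, which now contradicts the `DOMPurify.sanitize(item.html)` call. It should record the actual trust decision, e.g. `// item.html comes from site config; sanitized as defence in depth.`, and the trailing `// Sanitize HTML` and `// Import DOMPurify` comments can then go. The new `import DOMPurify from 'dompurify'` in the first hunk needs a matching dependency entry, and no package.json change is visible in this series despite the 1/3 subject line. If this theme component is also rendered at build time outside a browser, `dompurify` has no DOM to work with there, so confirm the static build still succeeds and that footer markup authors wrote on purpose survives sanitization. SimpleLinkItem starts and ends outside the hunk.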